Random Thoughts – Randocity!

Fallout 76: How to get Sludge Lung?

Posted in botch, video game, video game design by commorancy on October 3, 2021

Fallout 76_20191108124032One of the Atom Survival challenges in the game is to catch all of the diseases in the game, such as Sludge Lung and The Whoopsies. Each of these diseases are had by being exposed to certain things in the game. Let’s explore Sludge Lung and The Whoopsies, two of the most difficult diseases to achieve. Let’s explore.


Sludge Lung

Just above I said it is one of the “most difficult disease to achieve”. Oh, it’s not that hard to actually get Sludge Lung, but it is difficult to get Sludge Lung to count against the challenge objective. This is one of the most frustrating things about the challenge system in Fallout 76. You can do all of the right things and still not see the challenge marked as complete. Sludge Lung is one of these problematic achievements.

The easiest way to get Sludge Lung is to enter Belching Betty mine without a mask on. In fact, without a mask, you’re likely to get it instantly upon entering. That’s not the problem, however. Simply getting Sludge Lung doesn’t make it count toward the Survival challenge like it should. This is plainly a bug in Fallout 76. This bug has existed for going on at least 2 years now. You would think that Bethesda could fix a bug like this in 2 years. Yet, here we are and it’s still not fixed. In fact, there are other long unfixed bugs still present today that were in the game on day one of its release.

Fallout 76_20191114150545

Bethesda really has no desire to fix these long standing bugs. Instead, they prefer building and releasing expensive add-ons, like the now-defunct Survival World type, Vault 94 and even Nuclear Winter only to see these removed from the game months after introduction. These were expensive-to-build add-ons from a development perspective. We’re talking several months of design and coding only to be summarily dumped from the game without even so much as a farewell.

No, Bethesda can’t fix even the most simplest of bugs, like Sludge Lung counting towards a challenge, but they can spend months building an add-on that no one really wanted and which was proven out because it wasn’t played.

How to get Sludge Lung to count?

We now arrive at the heart of this article. Sludge Lung doesn’t count towards the challenge achievement after a player’s character contracts it. We know this. To get this disease to count towards the Survival challenge isn’t hard, but it also isn’t intuitive.

The easiest method is to immediately head over to Flatwoods after contracting Sludge Lung. There are three sleeping bags lying on the ground near or in Flatwoods. You may now even see where I’m going with this, so bear with me. There are two at the ghoul infested tent just across the field of Brahmin (near the Red Rocket) in Flatwoods proper. There is one more at located at the Overseer’s camp right across from The Wayward (just outside Flatwoods).

Lying on any of these sleeping bags on the ground may confer the Swamp Itch disease upon the player’s character. Why is this important? It’s important because the only way to get Sludge Lung to count is to immediately take on a new disease.

However, there’s a catch. As soon as the player character gets a disease, an invisible cooldown timer begins so that you can’t receive another new disease until that cooldown timer expires. However, server hopping immediately causes that timer to expire upon login to a new server.

This means that once you obtain Sludge Lung, you’ll need to server hop and then fast travel to Flatwoods to attempt to get Swamp Itch from a sleeping bag on the ground. However, Swamp Itch isn’t the only way, but it’s the fastest way. You can certainly try to find a diseased animal, creature or similar and get close enough to them to get their disease. However, you’ll need to be able to do this quickly as Sludge Lung heals and disappears quick… hence, the sleeping bag is the key to speed.

Sleeping Bags and Diseases

Once you have Sludge Lung, server hopped and are standing in front of a sleeping bag on the ground, hop into it. Make sure it’s not a sleeping bag in your camp. Camp sleeping bags on the ground in your camp may be considered “safe” by the game. Instead, use a world bag not located in your camp. These non-camp bags are always considered “unsafe”.

You may or may not get Swamp Itch on your first attempt. Sleeping in a ground mattress or sleeping bag doesn’t confer a high chance, just a chance to get a disease. However, if you do get Swamp Itch, it will happen almost instantly after lying down. No need to wait a while. If you don’t get it after lying down, stand back up and try again. Just keep trying over and over until you get it.

Once you get Swamp Itch, it will force the game to iterate through all of the current diseases your character presently has and update the challenge area. At that point, the game will notice you have Sludge Lung and mark that disease complete under the challenge. Why the game doesn’t do this iteration when you obtain Sludge Lung by itself, I’ve no idea. My guess is bad coding. There’s plenty of bad code in Fallout 76 and this area is no exception.

As I said, it doesn’t matter what other disease you obtain, you just need to get it before Sludge Lung wears off. For example, drinking Dirty Water can confer Dysentery upon the player’s character and that will also count. However, I’ve found that the chances of getting Dysentery from water is a whole lot less than getting Swamp Itch from a sleeping bag on the ground. Whatever disease you attempt to get while having Sludge Lung, you’ll need to do it quick before Sludge Lung wears off.

If Sludge Lung wears off before you can get a new disease, you’ll need to enter Belching Betty again, get Sludge Lung and start this process over again.

Once you get Swamp Itch in addition to Sludge Lung, the game will update that you have Sludge Lung and that challenge is marked as complete.

The Whoopsies

[Updated for 2023] After having attempted to have a friend get The Whoopsies from Diseased Mirelurk Hatchlings for about about an hour at the metal building, I’ve come to the conclusion that Bethesda has once again broken this disease in some recent release. His character took off all armor, used a radaway and rad-x (lowers disease resistance and suppresses mutations temporarily) and still none of these diseased hatchlings gave him The Whoopsies. While my attempt to get this disease took way less time under nearly the same circumstances (about 30 minutes), his character didn’t get the disease the entire time trying with perhaps 30 different hatchlings attacking, some at the same time. With that said, let’s continue with the remainder of this original article [Update Over].

I could write a separate article on this disease and how to get it. However, I’ll just do it here. However, let me say that by far, The Whoopsies disease is the absolute most difficult disease to get in the game, but not for the same reason as Sludge Lung. There is only one enemy in the game that confers this disease upon the player and it’s exceedingly difficult to make this occur.

What enemy? Mirelurk Hatchlings. These creatures are only spawned from a Mirelurk Queen, one of the more difficult standard enemies in the game. While you can attempt to get The Whoopsies from any Diseased Mirelurk Hatchlings, the easiest location to do this is at Quarry X3 in the Cranberry Bog. This location has a half-round metal building located near the pond where a Mirelurk Queen spawns. You’ll use this building to help craft the situation needed.

The challenge is not to kill the queen while allowing hatchlings to continue to spawn. However, hatchlings don’t spawn often (about every 3-5 minutes) and when they do, the vast majority are not diseased. Only about one out of 10 spawned are diseased. Even then, a diseased hatchling might not confer the disease upon you even after attacking you repeatedly. Unlike diseased Ghouls, diseased Radstags, diseased Snallygasters and diseased Deathclaws which confer a disease instantly upon even getting close, hatchlings don’t confer a disease even after attacking multiple times.

The problem, even above their slowness in spawning, is that the hatchlings die on their own after attacking about 5-7 times. Corrected. As of January 2022, Bethesda seems to have fixed the hatchling dying problem. I was able to allow a diseased hatchling to repeatedly attack my character for up to 10 minutes or longer. This finally allowed my character to obtain The Whoopsies and close out this challenge. Note that if your character carries any of Unstable Isotope, Plague Walker or Electrically Charged mutations or any of your armor carries Toxic, Frozen or Electrified effects that “Deal 100 Fire/Poison/Cryo DMG to Melee attackers”, these auto-melee attacks will kill the hatchlings after just a few attacks. You’ll want to remove your armor and wear only armor that doesn’t have disease resistance or auto-melee. You’ll also need to suppress mutations with Rad-X. You’ll also want to remove the perk card Strange in Numbers if you’re on a team, which enhances mutation effects. You’ll also want to consume a Radaway to lower disease resistance to be able to get the disease easier and faster. You will also need the ….

Metal Building

The trick here is to lure the queen next to the building and wait for the “pop” sound from the queen, indicating new hatchling eggs have spawned. You might need to venture out and let the hatchlings see you, but I’ve found they typically enter the building on their own if they know you’re there. The queen can’t attack you easily inside the building, but the hatchlings can enter and begin attacking. You’ll want to kill all of the non-diseased hatchlings allowing only the diseased hatchlings to attack. You might get lucky and receive The Whoopsies quickly or you could be waiting for hours in that building standing around letting them attack you. You’ll want to carry a bunch of stimpaks or food to replenish your HP and some Rad-X and Radaway to increase your chances.

Make sure to remove any Perk cards that add disease resistance and also change to armor as described above. However, none of this guarantees that any diseased hatchling will give you The Whoopsies quickly.

Further, if you do manage to get The Whoopsies and you find that it doesn’t count under the challenge, you’ll need to follow the same instructions as above by server hopping, then attempting to get another disease, like Swamp Itch, from a mattress to force the game to count The Whoopsies as part of the challenge. However, when my character got The Whoopsies, it counted instantly. No problems with this challenge, unlike Sludge Lung above.

As I said, The Whoopsies is the absolute most difficult disease to obtain in the game, bar none. It is likely to be the only disease you don’t have… unless you accidentally received it from a hatchling during a random Mirelurk Queen encounter. The likelihood of that happening is extremely low during the course of random play.

Good Luck!

↩︎

Tagged with: , , , , ,

leave a comment

Gaming Breaking Bugs Series #1: Fallout 76

Posted in botch, business, gaming, video game design, video gaming by commorancy on August 16, 2020

With this series, I intend to start calling out video gaming’s game-breaking-bugs as I find them and boy are there a lot to report with Fallout 76. Here is report I recently filed with Bethesda. Let’s explore.

Report

Re: Enemies not dying after multiple shots.

It is truly becoming impossible to play Fallout 76. That’s not an exaggeration. I’m using various ranged weapons and it can literally take 2, 3 even sometimes 4 (or more) shots to actually kill an enemy that should die in 1 shot. This MUST be solved. Combat is intrinsic to this game. When combat doesn’t work, then the game is broken.

How this problem manifests…

It begins when you attempt to VATS shoot an enemy. It doesn’t matter where you shoot the enemy, but the head is usually the place where combat fails most often. I have a bloodied Lever Action and a bloodied Pipe Bolt Action Pistol. I’ve also had this problem occur with various melee weapons. So, it’s not limited to any specific weapon or type.

You begin by using VATS on the head using Concentrated Fire. Take the shot. The shot connects. The thud sounds. The enemy’s health bar drops to 0. Then, inexplicably, the health bar instantly recovers to full health and the enemy is alive to lunge or shoot at you. Not only that, the failed shot alerts the enemy to your presence. You can perform this action multiple times in a row to the same effect. It doesn’t matter if it’s a Ghoul, insects, a Super Mutant, dogs or a robot. This broken combat mechanic affects every weapon type and every enemy type.

To 100% reproduce this bug, sneak your way into The Whitespring Golf Club, head to the left on the upper level. Then as you come through the door, there is an enemy that spawns right near the back left window in a corner.

Once you have cleared the rest of the ghouls in that room, stand by the entry hall area and attempt to VATS shoot this specific Ghoul in the head. It may take 2, 3, 4 or more shots before it will die. Targeting the limbs or torso sometimes works around this game breaking bug, but sometimes it doesn’t. Sometimes using a scope instead of VATS works, sometimes it doesn’t.

It’s one thing if the shot misses entirely, it’s completely another when the shot connects, makes a thud noise, shows a 1200 damage number also showing the enemy health bar dropping to zero and then the enemy’s health bar magically recovers fully? No, these are NOT legendary enemies.

This combat issue needs to be resolved pronto as this is literally a game breaking combat bug.

Expected Behavior

When you shoot an enemy and the bullet is recognized by the game engine as connecting, then the enemy needs to take the required amount of damage and/or die if health reaches zero. This combat bug is entirely unacceptable.

Enjoy this bug as this series has many more coming. If you have experienced this specific combat bug, please leave a comment below.

Tagged with: , , , , , , ,

leave a comment

How to fix Touch ID purchasing after Apple ID unlock

Posted in Apple, botch, california by commorancy on August 14, 2018

Touch ID App store purchasing no longer works after your Apple ID is unlocked? How do you get it working again? Let’s explore.

Apple ID Locked

I’ve recently begun having problems with Apple locking my Apple ID account about every 3 weeks with no explanation. After I’ve unlocked my account, I find that the App store app refuses to use Touch ID and forces entry of my password to download an app. Hey Apple, I set up Touch ID so I don’t have to type in a password.

I’ve called Apple twice about this problem and they are of no help. I had to figure this one out on my own. Thanks Apple… not!

Not only does Apple have no logs to determine why the account is locked, they simply don’t care about this problem. Their login system has become shit in the last few months beginning in June of 2018. I have no explanation for this lockout problem except that Apple needs to get their shit together. I’ve never had this problem before this point. Anyway, once an Apple ID is locked, you’ll need to unlock it to proceed cleaning up the mess Apple leaves behind.

Note, I have no problems unlocking my account. In fact, it takes about 5 minutes or less. However, there’s a bunch of crap to do to clean up Apple’s mess.

Unlocking an Apple ID

To unlock your account, go to appleid.apple.com. Note, I have chosen not to linkify in the address in this article for security reasons. This is why it’s not clickable in this paragraph.

Instead, simply select the text => appleid.apple.com . Then copy and paste it into your browser’s address bar. Or better, type it into your browser’s address bar manually. Next, browse to this destination. Because this is Apple’s security site which manages your Apple ID security settings, I urge you to make sure you type it in exactly and carefully. If you mistype this address, it’s possible that you could land on a malicious web site that looks identical to Apple’s site and which could collect your Apple ID and password. Alway be cautious, alert and careful when visiting sites which manage the security of your account(s). Here are the steps to get you started:

  • Once you’re on the Apple ID site, under the ‘Manage your Apple account’ text, enter your Apple ID username and click the arrow pointing right →
  • Now enter your current password and click the arrow →
  • It will tell you your account is locked
  • At this point, follow the prompts to unlock your account

You’ll need to need to know the following info (as of 2018) to unlock your account:

  • Birthdate
  • Answers to the security questions you set up previously

This section assumes you have not set up two-factor authentication. You can choose to unlock by email or by answering security questions. It’s up to you which path to follow. Whichever path you choose, complete the process to unlock your Apple ID. After unlocking, here’s where the fun begins. /sarc

If you can’t remember your security questions or birthdate, you’ll need to contact Apple Support and request for them to help you with unlocking your Apple ID. If you have set up two-factor authentication (2FA), you will need to know your recovery key. If you’ve lost you recovery key and access to your trusted device after setting up 2FA, you’re out of luck. If you have access to your trusted device, Apple can send you a text to finish the unlocking process. You cannot recover your Apple ID when using 2FA if you have lost the recovery key and lost access to your trusted device. For this reason alone, I cannot recommend setting up 2FA on your Apple ID. Stick with a strong password and avoid 2FA.

Note, I strongly recommend unlocking your account via this web browser method only. Even if your iPhone or iPad prompts to unlock your account directly on your device, don’t. Do not rely on the methods built into iOS devices as I have found them to be problematic and unreliable. Using the browser method, you will have no troubles.

Account Unlocked / Touch ID problems

Once your account is unlocked, you’ll find that all devices that were formerly logged into this account will have been force logged out. This force logout method is different than the method you would use to logout on the device. If you log out of the device, you will be prompted for both the account name and the password. With Apple’s force logout due to a lock, you are only required to reenter your password. Your login ID will be remembered and cached.

An account lockout wreaks havoc on certain features in iOS like Touch ID. Because the account was force logged out, then unlocked, Touch ID will fail to work on both the Music and the App store app. As I said above, you’ll find that the App store now prompts you to enter your password rather than using Touch ID.

Worse, you can go to settings and clearly see that Touch ID is still enabled for the App store app, but it is not working. This is demonstrably a bug that Apple simply won’t fix. How do we resolve this? Let’s continue.

Fixing Touch ID in the iTunes and App store app after a lockout

Here are the steps to fix this problem:

  • Kill the Music and App store apps on your iOS device. DON’T SKIP THIS STEP. You do this by double clicking the home button. Then scroll through the apps running, then drag the app up to the top of the screen with your finger until it disappears from the list. This will kill that app. It’s always a good idea to periodically kill all running apps on your phone to improve performance. Be sure to kill the App store app before proceeding. If you have many apps in the list to scroll through, you can bring the app to the front of the list easily by launching the app before trying to kill it.
  • Once the apps are killed, proceed to the Home screen and touch the Settings app
  • Scroll down to Touch ID & Passcode and touch it
  • Enter your pincode (if requested)
  • This is the screen you’ll see next
  • On this screen, you’ll see the iTunes & App store is already enabled (green). This setting is a lie. After a force lock and unlock, Apple automatically disables this feature internally even though the button shows green and enabled. That this button remains enabled is a bug and is the reason Touch ID doesn’t work.
  • Click the green slider button next to iTunes & App Store to disable this setting.
  • Wait for a moment for this to register and turn grey, like so 
  • Now, click it a second time to re-enable it. This time, it will prompt you for your Apple ID password.
  • Enter your current Apple ID password in the password prompt
  • Wait for the button to do a little jig before leaving this screen. The jig is described like so: the button starts off green, then turns grey for a moment, then slides back to green. This jig confirms that Touch ID for the App store is now truly enabled
  • Exit to the home screen and launch the App store app
  • Browse to any free app in the store and click ‘Get’. Touch ID should now prompt you for your fingerprint instead of prompting for your password.

If you skip killing the apps where I asked you to do that, you’ll find that the App store app still prompts for a password. The reason for this is that the App has cached the forced logout. To break that cache, you perform all of the steps described above. Following the order of these steps is important.

If you leave the App store app running when you reset the Touch ID settings, you’ll find that the password prompt problem remains. You may find that killing and relaunching the app even after resetting the Touch ID after-the-fact also won’t work. That’s why the order the steps is important.

Stupid Problems, Debugging and Network Settings

Problems this stupid shouldn’t exist on iOS devices, but here we are. I’ve already discussed this issue with Apple Support, but they simply won’t do anything about it. In fact, because this problem was formerly a rare occurrence, Apple Support isn’t even aware of this workaround.

In fact, while on the phone, Apple Support “recommended” that I reset my network settings. Never reset network settings as a first step. Resetting network settings should be the absolute last step and only when nothing else resolves a problem. The difficulty with resetting network settings is that it wipes all iCloud stored network passwords and access point information, like WiFi passwords. Not only does it wipe all WiFi networks and passwords on iCloud for the device where you wiped network settings, it wipes it for every device also using iCloud. This means if your Apple ID is being used on a MacBook, an iPhone, an iPad, an iPod or any combination of several of these devices, you’ll have to reinter the password on every device manually. It will also have forgotten all of the access points that iCloud formerly knew. Each new device will need to relearn them all.

You can somewhat solve this problem by first signing your device out of iCloud before wiping network settings. However, when you log your device back into iCloud, it might still wipe some settings from iCloud once logged back in and synced with iCloud. Be cautious with doing this.

I’ve been there and done that. This is a pain-in-the-ass. If Apple Support ever requests you to wipe network settings, tell them politely but firmly, “No.” Then state, “I only wipe network settings as a last ditch effort. Let’s exhaust all other workarounds and possibilities first.”

Wiping network settings usually only resolves actual networking problems, such as the phone refusing to connect to a WiFi access point. Touch ID has nothing to do with networking. Be wary of Support Team members requesting you to wipe network settings to help resolve non-network problems. The last thing you want to do is spend hours fixing all of your other devices in addition to not resolving the original problem. The Apple Support team is very good at causing more problems without actually solving the original problem. It is up to you to always exercise your best judgement to prevent Apple Support slip ups.

I really wish that Apple would just fix these stupid bugs. I also wish that they would tell me why my account keeps getting locked out.

↩︎

Tagged with: , , , , , , , , , , , , , , , , , , ,

leave a comment

Shopping Frustration: When coupon codes don’t work

Posted in shopping by commorancy on September 4, 2012

Nothing is more frustrating during online shopping than when e-tailers send out a coupon code for a one day sale that doesn’t work.  I have to wonder, are these sites just stupid, clueless or technically inept?  Let’x explore.

Holiday Shopping Spree

If you’re like me, I tend to shop for things when people send me coupon codes.  Specifically, I shop when things are wearing out. I try to make sure these purchase times match up when coupon codes are available.  So, I like to wait for sale days like Memorial Day, President’s Day or, like today, Labor Day.  So, I’m happy when companies where I like to shop send me a 20% or 30% off coupon.  I generally like to take advantage of these deals because they don’t appear that frequently and I can shop for clothes that are wearing out.

Clickable Ad Banners in Email

Unfortunately, many of these e-tail sites are so inept or mismanaged that they email out the code but they forget to activate the code.  Sometimes they deactivate it too early.  Worse, they send an email with a big clickable banner ad describing this ‘Sale’ that, when you click, takes you to their home page and not to the sale items that apply to the code.  This action leaves you wondering what the heck is actually on sale?   One word comes to mind: inept.  Retailers, this is a seriously stupid practice.  If you send out an email that you’re having a 20% off sale, a click should immediately take you to the sales item(s).  Don’t make your customers guess what’s on sale.   In the case where I am taken to the front page, I close the browser, delete the email and move on.  Sorry, you’ve just lost a sale and I simply won’t shop there.  I know I’m not alone in this.  A lot of people fill their carts and either abandon the cart or clear it out because of stupid things like coupon codes that don’t work.

Coupon Codes that Don’t Work

I’ve had many times where some company sends me a coupon code that when you type it into the cart and click ‘Apply’, the message says ‘This coupon is not valid’ or ‘This coupon does not apply to the items in your cart’.  This goes back to the above issue.  If you’re planning to issue a coupon code and spend the time and effort to email your email list with this code, you damned well better test that code to make sure it works and you damned well better make sure the customers know to which items the code applies.  Don’t make your customers guess.  Additionally, for 24 hour sales, you should make also sure that code works until midnight.  And by this I mean, make sure it works until midnight of the customer’s timezone, not just your company’s timezone. That coupon should not expire at midnight your company’s timezone time as that could be midday in some locales. The code should expire at midnight wherever your shopper resides or better, expire it the following day sometime during the day to prevent expiration before the day is over for every customer and also lets late customers take advantage.  After all, isn’t the idea behind a coupon code to get people into your site to purchase?

Customers walking away

Making stupid moves like not activating coupons, deactivating them early or making your customers guess as to what merchandise the coupon applies is just a stupid practice.  You probably think I’m talking about small mom-and-pop shops here.  No, these are well known well respected companies that are making these most basic mistakes, like Jockey, Tommy Bahama and Zagg.

Nothing is more frustrating than filling up your cart with merchandise expecting to use a coupon code only to find that it doesn’t work.  Or, worse, not finding the merchandise to which the sale or coupon applies.  In these cases, I empty the cart, close the browser window and delete the email.  If these companies do this more than once,  I remove myself from their email list as it’s quite clear that these companies do not have their act together.  Which, if you think about it, is completely odd.  These are retailers in business to make money.  If you’re planning to offer a sale that uses a coupon code and that code doesn’t work, do you really think people are going to pay full price anyway?  No.  Selling your merchandise is your bread and butter and if you want people to buy your stuff, then you need to make sure your email ads reflect the reality of your site.  If it doesn’t work, then you have even more serious issues on your hands, not the least of which might be considered fraud.

Amazon Better?

I just don’t understand this practice.  This is why Amazon is kicking butt.  With Prime, you get 2 day shipping included and the best price without hassling with coupon codes.  Sure, you might be able to find it slightly cheaper at some mom-and-pop shop.  But, the hassle of setting up a new account and dealing with yet more email that can’t do it right outweighs the few pennies of savings you might get from that mom-and-pop shop.  So, I always find myself back at Amazon buying, at least for hassle-free purchasing.  I don’t want to deal with coupon codes that don’t work, sites that don’t specify what’s on sale or silly stupid problems like this.

For those sites that do this, fix your sites or lose the sale and be trampled by Amazon.  It’s quite simple.

Tagged with: , , , , ,

1 comment

Stupid Security Measures: autocomplete=off – How To Turn Off or Disable

Posted in banking, security, technologies by commorancy on April 16, 2012

While I’m all for some browser related security, this one feature is completely asinine because it’s so unpredictable, uncontrollable and stupidly implemented. This is the complete opposite anyone should expect from a quality user experience. Let’s explore.

What is auto-completion?

Most browsers today will automatically fill forms and password fields from locally saved browser login and password information (usually the field is yellow when automatically filled). This is called autofill or autocompletion. While I admit that storing passwords inside a browser is not the smartest of ideas, specifically if it happens to be connected to your bank account. With that said, it is my choice. Let me emphasize this again loudly. Saving passwords IS MY CHOICE! Sorry for yelling, but some people just don’t listen or get this… hello Chrome, Firefox and IE, you guys (especially Chrome) need to take notes here.

So what’s this autocomplete=off business?

As a result of autocompletion, the browser creators have decided to give web site creators the ability to disable this mechanism from within their own web pages. So, when they create forms, they can add the tag “autocomplete=off” to the form which prevents the browser from storing (or offering to store) passwords or other sensitive information. This is fine if the browser would give the user the choice still. It doesn’t.

I’m fine with browsers trying to prevent stupid behavior from users, but always provide an override. Never implement features like this, however, at the expense of a frustrating and inconsistent browser experience. This is exactly what autocomplete=off does. Why? The browser doesn’t give the user control over this web page mechanism nor does it even warn of it. If the site sets this flag on their form, the browser won’t offer to store anything dealing with this form. That’s fine IF I can disable this behavior in the browser. I can’t. As I so loudly said above, this is MY choice. Make this a preference. If I want to store logins and passwords for any site on the Internet, it’s my choice. This is not Chrome’s choice or Wells Fargo’s choice or any other site’s choice. If you offer to store and save passwords, you need to let me do it under all conditions or don’t offer to do it at all. Don’t selectively do it based on some random flag that’s set without any warning to the user.

Inconsistent Browser Experience

When autocomplete=off is set on a form, there is no warning to the user that this value is set. The browser just doesn’t save the password. You have no idea why, you don’t know what’s going on. You expect the browser to offer to save and it doesn’t. This just makes the browser look broken. And, frankly, it is. If the browser can’t warn that autocomplete=off is set by the site through changing the color of the bar, flashing, an icon or some other warning mechanism (like the lock when https is in use) the user experience has been compromised and the browser is broken. This affects not only Chrome, but IE, Safari and Firefox. Yes, and this is extremely bad browser behavior. It’s also taking a step back in time before web 2.0 when the browser experience became more positive than negative. We’re heading back into negative territory here.

Browser Developers Hear Me

Not warning the user that the experience is about to change substantially is not wanted behavior. For auto-completion, we already have mechanisms to shut it off entirely. We have mechanisms to exclude sites from saving credentials. Why do we need to change the browser experience just to satisfy Wells Fargo or some other site? I’m all for letting these sites set this flag, but just like overriding bad certificates at https sites, users should be able to override autocomplete=off. There is no need to break the browser experience because you want to allow sites stop saving of passwords. No, again, hear me, it’s MY CHOICE. It’s not your choice as a developer. It’s not Wells Fargo’s choice. It’s not PayPal’s choice. It’s MY CHOICE. If I want to save passwords into my browser, allow me t0 always override this setting.

Hacks Galore

Yes, there are browser hacks available as browser extensions (Chrome or Firefox) to disable autocomplete=off on forms on sites. While these hacks work, they require updating, can break on browser updates and can be generally problematic under some conditions. No, this is an issue that firmly needs to be addressed in the core browser, not through clever browser add-on hacks. Let the sites set autocomplete=off, that’s fine. But, warn me that it’s turned on and let me override it. I shouldn’t need a hack to fix a bug in the browser.

Always Warn of Browser Experience Changes

Why am I going down on this issue so hard? Because this is a completely crappy implementation of this feature. Why? Because it breaks the user’s browsing experience without any warning. If this the page is attempting to prevent me from saving credentials, then this information should be marked clearly in the browser somewhere. Perhaps by adding a special icon to the address bar indicating that credential saving is not allowed on this site. Then, when I click that small icon, I should be able to override this behavior immediately. Again, this is my choice to store or not store passwords to the browser. There should never be any defacto security mechanisms which cannot be overridden by a user control. Never!

If the user chooses to do something stupid, that’s the user’s choice. No, it’s not a bank’s, chrome’s or any other company’s responsibility to ensure the safety of user data. It’s entirely the user’s responsibility and those choices should be completely left up to the user to decide, for better or worse.

[Update] Safari is now warning when autocomplete=off is set on a page. Safari now tells you that the site you are visiting doesn’t allow saving of passwords. Bravo to at least Apple for getting this one right.

I have also found that Firefox with the Greasemonkey plugin and this Greasemonkey script works best for completely disabling all pieces of autocomplete=off.  While the above plugins do at least allow saving passwords, the plugins don’t always allow autocomplete to work.  This means that if you want to see your credentials autopopulate into the fields on page load, you may have to use Greasemonkey instead. I have found that the Greasemonkey solution is the most complete at disabling autocomplete=off.  The reason this works is that Greasemonkey actually removes this autocomplete=off pieces from the page before Firefox renders it. The other plugins just tweak the browser to ignore the setting for password saving, but it still exists in the page source and, thus, the pieces that manage the autocomplete parts are left unhandled.  So, these pieces still don’t populate the fields.

Tagged with: , , , , , , , , , , , , , , , , , , ,

40 comments

%d bloggers like this: